File:
1 edited

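--- a/protocols/jabber/sasl.c
+++ b/protocols/jabber/sasl.c
@@ -38,13 +38,4 @@
         "6C-Zgf7Tr7gEQTPlBhMUgo7R",
 };
-const struct oauth2_service oauth2_service_facebook =
-{
-        "https://www.facebook.com/dialog/oauth",
-        "https://graph.facebook.com/oauth/access_token",
-        "https://www.bitlbee.org/main.php/Facebook/oauth2.html",
-        "offline_access,xmpp_login",
-        "126828914005625",
-        "4b100f0f244d620bf3f15f8b217d4c32",
-};
 
 xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
@@ -54,5 +45,5 @@
         struct xt_node *c, *reply;
         char *s;
-        int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_anonymous = 0;
+        int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_anonymous = 0;
         int want_oauth = FALSE, want_hipchat = FALSE, want_anonymous = FALSE;
         GString *mechs;
@@ -89,6 +80,4 @@
                 } else if (c->text && g_strcasecmp(c->text, "X-OAUTH2") == 0) {
                         sup_gtalk = 1;
-                } else if (c->text && g_strcasecmp(c->text, "X-FACEBOOK-PLATFORM") == 0) {
-                        sup_fb = 1;
                 }
 
@@ -101,5 +90,5 @@
 
         if (!want_oauth && !sup_plain && !sup_digest) {
-                if (!sup_gtalk && !sup_fb) {
+                if (!sup_gtalk) {
                         imcb_error(ic, "This server requires OAuth "
                                    "(supported schemes:%s)", mechs->str);
@@ -137,7 +126,4 @@
                 reply->text_len = strlen(reply->text);
                 g_free(s);
-        } else if (sup_fb && want_oauth) {
-                xt_add_attr(reply, "mechanism", "X-FACEBOOK-PLATFORM");
-                jd->flags |= JFLAG_SASL_FB;
         } else if (want_oauth) {
                 imcb_error(ic, "OAuth requested, but not supported by server");
@@ -154,5 +140,9 @@
                 xt_free_node(reply);
                 return XT_ABORT;
-        } else if (sup_digest) {
+        } else if (sup_digest && !(jd->ssl && sup_plain)) {
+                /* Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported.
+                 * Which in practice means "don't bother with DIGEST-MD5 most of the time".
+                 * It's weak, pointless over TLS, and often breaks with some servers (hi openfire) */
+
                 xt_add_attr(reply, "mechanism", "DIGEST-MD5");
 
@@ -295,25 +285,5 @@
         dec = frombase64(node->text);
 
-        if (jd->flags & JFLAG_SASL_FB) {
-                /* New-style Facebook OAauth2 support. Instead of sending a refresh
-                   token, they just send an access token that should never expire. */
-                GSList *p_in = NULL, *p_out = NULL;
-                char time[33];
-
-                oauth_params_parse(&p_in, dec);
-                oauth_params_add(&p_out, "nonce", oauth_params_get(&p_in, "nonce"));
-                oauth_params_add(&p_out, "method", oauth_params_get(&p_in, "method"));
-                oauth_params_free(&p_in);
-
-                g_snprintf(time, sizeof(time), "%lld", (long long) (gettime() * 1000));
-                oauth_params_add(&p_out, "call_id", time);
-                oauth_params_add(&p_out, "api_key", oauth2_service_facebook.consumer_key);
-                oauth_params_add(&p_out, "v", "1.0");
-                oauth_params_add(&p_out, "format", "XML");
-                oauth_params_add(&p_out, "access_token", jd->oauth2_access_token);
-
-                reply = oauth_params_string(p_out);
-                oauth_params_free(&p_out);
-        } else if (!(s = sasl_get_part(dec, "rspauth"))) {
+        if (!(s = sasl_get_part(dec, "rspauth"))) {
                 /* See RFC 2831 for for information. */
                 md5_state_t A1, A2, H;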
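Review bot: The new condition `sup_digest && !(jd->ssl && sup_plain)` at new line 142 skips DIGEST-MD5 whenever `jd->ssl` is set and PLAIN is offered, so the password's confidentiality then rests entirely on the TLS session. The comment's "pointless over TLS" only holds if the server certificate was actually verified, which nothing in this hunk shows. On an unverified session DIGEST-MD5 at least kept the cleartext password from whoever terminates the connection, whereas PLAIN sends it as-is. Please confirm that `jd->ssl` is only set once a handshake has completed (the STARTTLS path included) and say so in the comment, for example `/* Assumes jd->ssl means an established, certificate-checked TLS session; otherwise PLAIN exposes the password. */`. The branch that falls through to PLAIN and the rest of `sasl_pkt_mechanisms` lie outside the hunk.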